Group-IB uncovers hacker group that targeted U.S. and Russia

Group-IB, a Skolkovo Foundation resident cybersecurity startup, has released a report detailing the actions of a Russian-speaking targeted attack group nicknamed MoneyTaker.

MoneyTaker carried out at least 20 successful attacks on financial institutions and legal firms in Russia, the U.S. and U.K in the space of just 18 months, stealing up to $10 million, Group-IB reported on its website on Monday. Sixteen of those confirmed attacks were on U.S. organisations, three targeted Russian banks, and one occurred in the U.K.

Image: Group-IB.

The criminal group’s actions had not previously been reported, according to Group-IB, which carries out investigations into high-profile cybercrimes, helps companies to identify weaknesses in their cybersecurity, and produces anti-fraud solutions.

“By constantly changing their tools and tactics to bypass antivirus and traditional security solutions, and most importantly, carefully eliminating their traces after completing their operations, the group has largely gone unnoticed,” Group-IB wrote on its website.

“At least one of the U.S. banks targeted had documents successfully exfiltrated from their networks twice,” said Dmitry Volkov, Group-IB’s co-founder and head of intelligence.

In addition to money, the hacker group stole documents related to interbank payment systems which were then used to prepare further attacks, the company said.

“Group-IB specialists expect new thefts in the near future and in order to reduce this risk, Group-IB would like to contribute our report identifying hacker tools and techniques as well as indicators of compromise we attribute to MoneyTaker operations,” said Volkov.

The Russian cybersecurity experts used their Threat Intelligence system to discover connections between all 20 incidents, which took place between May 2016 and November 2017.

“Group-IB has provided Europol and Interpol with detailed information about the MoneyTaker group for further investigative activities as part of our cooperation in fighting cybercrime,” the company said.

The full report is available free of charge in both English and Russian on Group-IB’s website here.